Communications between client components and a vCenter Server system or ESXi hosts are protected by SSL-based encryption by default. Linux versions of these components do not perform certificate validation. Consider restricting the use of these clients.
To improve security, you can replace the VMCA-signed certificates on the vCenter Server system and on the ESXi hosts with certificates that are signed by an enterprise or third-party CA. However, certain communications with Linux clients might still be vulnerable to man-in-the-middle attacks. The following components are vulnerable when they run on the Linux operating system.
vSphere SDK for Perl scripts
Programs that are written using the vSphere Web Services SDK
You can relax the restriction against using Linux clients if you enforce proper controls.
Restrict management network access to authorized systems only.
Use firewalls to ensure that only authorized hosts are allowed to access vCenter Server.
Use jump-box systems to ensure that Linux clients are behind the jump.
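The following is an added example, not part of the VMware documentation. It audits firewall log lines for allowed connections to vCenter Server that come from outside the authorized management network, or from a Linux client that did not go through the jump box. The addresses, the key=value log format, the port, and the Linux-client inventory are all constructed assumptions.

```python
import ipaddress
import re

# Constructed values for illustration; none come from the vSphere documentation.
VCENTER = ipaddress.ip_address("192.0.2.5")
AUTHORIZED_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # management network
JUMP_BOXES = {ipaddress.ip_address("192.0.2.10")}
LINUX_CLIENTS = {ipaddress.ip_address("192.0.2.12"),
                 ipaddress.ip_address("198.51.100.7")}
HTTPS_PORT = 443  # assumed port for SDK traffic to vCenter Server

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z ALLOW src=192.0.2.10 dst=192.0.2.5 dport=443
2024-05-01T09:00:07Z ALLOW src=192.0.2.12 dst=192.0.2.5 dport=443
2024-05-01T09:01:13Z ALLOW src=198.51.100.7 dst=192.0.2.5 dport=443
2024-05-01T09:02:40Z ALLOW src=192.0.2.3 dst=192.0.2.5 dport=443
2024-05-01T09:03:02Z DENY src=198.51.100.9 dst=192.0.2.5 dport=443
2024-05-01T09:03:30Z ALLOW src=192.0.2.4 dst=192.0.2.9 dport=443
not a log line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def audit(log_text):
    """Return (timestamp, source, finding) for each policy violation."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ALLOW":
            continue  # skip malformed lines and blocked traffic
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # unparseable address
        if dst != VCENTER or int(m["dport"]) != HTTPS_PORT:
            continue  # not SDK traffic to vCenter Server
        if not any(src in net for net in AUTHORIZED_NETS):
            findings.append((m["ts"], str(src), "unauthorized source allowed"))
        elif src in LINUX_CLIENTS and src not in JUMP_BOXES:
            findings.append((m["ts"], str(src), "Linux client bypassed jump box"))
    return findings
```

Any finding means a firewall rule or routing path lets a non-validating client reach vCenter Server directly, so the rule set should be tightened before the restriction on Linux clients is relaxed.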